5.1.2. Lack of security support for the ecosystem around libv8 and Node.js

The Node.js platform is built on top of libv8-3.14, which receives a high volume of
security issues, but there are currently no volunteers within the project or
the security team sufficiently interested and willing to spend the large
amount of time required to stem those incoming issues.

Unfortunately, this means that libv8-3.14, nodejs and the associated node-* package
ecosystem should not currently be used with untrusted content, for example
unsanitized data from the internet.

In addition, these packages will not receive any security updates during the
lifetime of the jessie release.

5.6. Upgrading installs the new default init system for Jessie

Jessie ships with systemd-sysv as
default init system. If you have a preference for
another init such as sysvinit-core
or upstart, it is recommended to
setup APT pinning prior to the upgrade. This may also be required if you
are upgrading LXC containers before the host. In this case, please refer to
Avsnitt 5.8.1, ”Upgrading LXC guests running on wheezy hosts”.

As an example, to prevent systemd
from being installed during the upgrade, you can create a file called
/etc/apt/preferences.d/local-pin-init with the
following contents:

Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1

Observera

Be advised that some packages may have degraded behaviour or may be lacking
features under a non-default init system.

Please note that the upgrade may install packages containing "systemd" in
their name even with APT pinning. These alone do not
change your init system. To use systemd as your init system, the
systemd-sysv package must be
installed first.

5.6.1. Stricter handling of failing mounts during boot under systemd

The new default init system, systemd-sysv, has a stricter handling of failing
"auto" mounts during boot compared to sysvinit. If it fails to mount an
"auto" mount (without the "nofail" option), systemd will drop to an
emergency shell rather than continuing the boot.

We recommend that all removable or "optional" mount points (e.g.
non-critical network drives) listed in /etc/fstab
either have the "noauto" or the "nofail" option.

5.6.2. Locally modified init-scripts may need to be ported to systemd

Notera

This section only applies to systems where Debian provided init scripts have
been modified locally.

If you have modified some of your init scripts provided by Debian, please be
aware that these may now have been superseded by a systemd unit file or by
systemd itself. If you have debsums installed, you can check for locally
modified init scripts by using the following shell command.

If either command flags any files and their corresponding packages
or the systemd
now provides an systemd unit file for that service, the systemd unit file
will take precedence to your locally modified init script. Depending on the
nature of the change, there are different way to perform the migration.

If necessary, it is possible to override the systemd unit file to have it
start the sysvinit script. For more information on systemd unit files,
please have a look at the following resources.

This is required as the Wheezy host lacks functionality to boot a system
running systemd.

You should be able to switch over to systemd inside the LXC guest once you
have upgraded the host system to Jessie. See the next
paragraph for things that need to be adapted on Jessie hosts.

5.8.2. Upgrading LXC guests running on jessie hosts

In order to be able to boot LXC guests with systemd, you need to adapt your
LXC container configuration. The container configuration can usually be
found in
/var/lib/lxc/CONTAINER_NAME/config
You need to add the following two settings to the configuration:

5.8.3. Ytterligare information

This section is only for people have set up LUKS encrypted disks themselves
using the whirlpool hash. The debian-installer never
supported creating such disks.

If you have manually setup an encrypted disk with LUKS
whirlpool, you will need to migrate it manually to a stronger hash. You can
check if your disk is using whirlpool by using the following command:

# /sbin/cryptsetup luksDump <disk-device> | grep -i whirlpool

For more information on migrating, please see item "8.3 Gcrypt 1.6.x and
later break Whirlpool" of the cryptsetup
FAQ.

Observera

If you have such a disk, cryptsetup
will refuse to decrypt it by default. If your rootdisk or other system
disks (e.g. /usr) are encrypted with whirlpool, you should migrate them
prior to the first reboot after upgrading cryptsetup.

5.10. The GNOME desktop requires basic 3D graphics

The GNOME 3.14 desktop in Jessie no longer has fallback support for machines
without basic 3D graphics. To run properly, it needs either a recent enough
PC (any PC built in the last 10 years should have the required SSE2 support)
or, for architectures other than i386 and amd64, a 3D-accelerated graphics
adapter with EGL drivers.

5.11. The GNOME desktop does not work with the AMD proprietary FGLRX driver

Unlike other OpenGL drivers, the AMD FGLRX driver for Radeon adapters does
not support the EGL interface. As such, several GNOME applications,
including the core of the GNOME desktop, will not start at all when this
driver is in use.

It is recommended to use the free radeon driver, which is
the default in jessie, instead.

5.12. Changes in the GNOME default keyboard shortcuts

The default keyboard shortcuts in the GNOME desktop have changed in order to
match more closely those of some other operating systems.

Shortcut settings previously modified by the user will be preserved upon
upgrade. These settings can still be configured from the GNOME control
center, accessible from the top right menu by clicking on the “settings”
icon.

5.13. Changes to default shell of system users provided by base-passwd

The upgrade of base-passwd package
will reset the shell of system users that is provided to the "nologin"
shell. This includes the following users:

daemon

bin

sys

games

man

lp

mail

news

uucp

proxy

www-data

backup

list

irc

gnats

nobody

If your local setup requires that any of these users have a shell, you
should say no to migrating or migrate and then change the shell of the
corresponding users. Notable examples includes local backups done via the
"backup" user with an "ssh-key" authentication.

Observera

The migration will happen automatically if your debconf question priority is
"high" or above.

If you know you want to keep the current shell of a given user, you can
preseed the questions by using the following:

Where username is the name of the user in
question and current-shell-mangled is the mangled
name of the shell. The mangling is done by replacing all non-alphanumerical,
non-dashes and non-underscores with underscores. E.g. /bin/bash becomes
_bin_bash.

5.14. Migration to new KDE E-mail, Calendar and Contacts (Kontact)

The Kontact Personal Information Management system has received a major
upgrade. The new version makes much greater use of metadata indexing and
each user's data must be migrated into these new indices.

E-mail, calendar events and addressbook contacts are automatically migrated
when the user logs in and the relevant component is started. Some advanced
settings such as e-mail filters and custom templates require manual
intervention. Further details and troubleshooting suggestions are collected
on the Debian
Wiki.